Patch/Configuration Management, Vulnerability Management

Lone fix offered on ‘Patch Tuesday’

Microsoft released just a single patch Tuesday for its monthly security bulletin.

The Redmond, Wash., company, however, noted that the update has been rated as critical, and said the vulnerabilities it repairs could allow a hacker to take control of an entire PC.

"Microsoft does recommend that all customers sign up for Microsoft Update and enable its Automatic Updates functionality to receive all updates available this month and to help make their systems more secure," said a company spokesperson.

Microsoft has released monthly security updates, which it calls "Patch Tuesday."

The patch, which contains three updates, addressed problems with either Windows Media Format or Enhanced Media Format, said Russ Cooper, senior information security analyst with Cybertrust.

Cooper believes Microsoft must become more creative when issuing security updates.

"I just wish they would stop repeating themselves with buffer overflow again," he said. "I'd like to see (Microsoft Chief Executive Officer Steve) Ballmer get up there and tell us why they are posting these things over and over and over again."

Microsoft said last week that the monthly software security bulletin would consist of just one update, but that it would have the highest maximum severity rating of critical. The updates require a restart and are detectable using the Microsoft Baseline Security Analyzer, the company said.

Steve Manzuik, eEye product manager, said his company discovered the vulnerabilities in March and September of this year.

Manzuik called the vulnerabilities "the typical thing." "They allow for remote operation," he said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.